CAS-003 · Question #509
Ann, a security administrator, is conducting an assessment on a new firewall, which was placed at the perimeter of a network containing PII. Ann runs the following commands on a server (10.0.1.19) beh
The correct answer is B. It is not blocking or filtering any traffic to the server.. The key insight is that Ann ran iptables commands on the server (10.0.1.19) itself - not on the firewall. The subsequent port scan from her external workstation (192.168.2.45) captures packets successfully reaching the server, meaning the firewall is transparently passing all tra
Question
Ann, a security administrator, is conducting an assessment on a new firewall, which was placed at the perimeter of a network containing PII. Ann runs the following commands on a server (10.0.1.19) behind the firewall:
From her own workstation (192.168.2.45) outside the firewall, Ann then runs a port scan against the server and records the following packet capture of the port scan:
Connectivity to the server from outside the firewall worked as expected prior to executing these commands. Which of the following can be said about the new firewall?
Exhibit
Options
- AIt is correctly dropping all packets destined for the server.
- BIt is not blocking or filtering any traffic to the server.
- CIptables needs to be restarted.
- DThe IDS functionality of the firewall is currently disabled.
How the community answered
(28 responses)- A21% (6)
- B57% (16)
- C7% (2)
- D14% (4)
Explanation
The key insight is that Ann ran iptables commands on the server (10.0.1.19) itself - not on the firewall. The subsequent port scan from her external workstation (192.168.2.45) captures packets successfully reaching the server, meaning the firewall is transparently passing all traffic through. If the firewall were functioning as a perimeter security device, it should be filtering what reaches the server; instead, traffic flows unimpeded. The iptables rules Ann configured are host-based rules on the server, which is a separate concern from the firewall's behavior.
Topics
Community Discussion
No community discussion yet for this question.
